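<?php
/**
 * Profile update handler (target of the form on infoupdate.php).
 *
 * Reads POST fields username, oldpassword, password, repassword, telephone,
 * age and the optional upload "photo", validates them, updates the row of the
 * logged-in user in table `user`, refreshes the session copies
 * (usn / psw / tph / age) and redirects to info.php.
 *
 * Security notes for maintainers:
 *  - NOTE(review): SQL is still built by string interpolation with addslashes(),
 *    as in the original. addslashes() is not charset-aware and is not a safe
 *    substitute for bound parameters when the connection uses a multi-byte
 *    charset such as GBK. Con() is defined in ../class/mysqlclass.php, which is
 *    not visible here; once its return type is confirmed, replace the
 *    interpolation with prepared statements.
 *  - NOTE(review): the password is stored and compared in plain text (database
 *    column and $_SESSION['psw']). Moving to password_hash()/password_verify()
 *    needs a coordinated change in the login code, which is not in this file.
 *  - NOTE(review): no anti-CSRF token is checked; add one to the form on
 *    infoupdate.php and verify it here.
 */
header('Content-type:text/html;charset=utf-8');
session_start();
include_once("../class/mysqlclass.php");
$mysqli = new test;
$mysqli = $mysqli -> Con();

// Only a POST may change data. Previously any other request method fell
// through to the UPDATE statements with undefined values and blanked the
// user's password, telephone, age and username.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: infoupdate.php');
    exit();
}

// Every statement below is keyed on the session user name; refuse to run
// without one instead of issuing "where username = ''".
if (!isset($_SESSION['usn']) || !is_string($_SESSION['usn']) || $_SESSION['usn'] === '') {
    http_response_code(403);
    echo '请先登录！';
    exit();
}

// Show an alert and send the browser back to the form, then stop.
$reject = function ($message) {
    echo "<script>alert('{$message}');location.href='infoupdate.php';</script>";
    exit();
};

// Trimmed POST field; a missing or non-string (array) value counts as empty.
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
};

$username    = $field('username');
$oldPassword = $field('oldpassword');
$newPassword = $field('password');
$rePassword  = $field('repassword');
$telephone   = $field('telephone');
$ageInput    = $field('age');

if ($username === '') {
    $reject('用户名不能为空！');
}

if ($oldPassword === '') {
    $reject('旧密码不能为空！');
}

// The session keeps the password in its addslashes() form (see the session
// write at the end), so compare in that form. The original wrapped the whole
// comparison in trim() and used a loose "!=", which let numeric-looking
// strings such as "1e1" and "10" compare equal.
$sessionPassword = isset($_SESSION['psw']) ? (string) $_SESSION['psw'] : '';
if (addslashes($oldPassword) !== $sessionPassword) {
    $reject('旧密码输入错误！');
}

if ($newPassword === '') {
    // No new password: keep the old one, but a lone confirmation is an error.
    if ($rePassword !== '') {
        $reject('两次输入密码不一致！');
    }
    $psw = addslashes($oldPassword);
} else {
    // Strict comparison of the trimmed values, i.e. of what is actually stored.
    if ($newPassword !== $rePassword) {
        $reject('两次输入密码不一致！');
    }
    $psw = addslashes($newPassword);
}

// Optional fields: NULL in the session when left blank (interpolates as '').
$tph = ($telephone === '') ? NULL : addslashes($telephone);
$age = ($ageInput === '') ? NULL : addslashes($ageInput);

// The session holds the raw user name, so escape it at the point of use.
$currentUser = addslashes($_SESSION['usn']);

// Store the uploaded picture, if any.
if (!empty($_FILES['photo']['tmp_name'])) {
    $tmpName = $_FILES['photo']['tmp_name'];

    // $_FILES[...]['type'] is supplied by the client and proves nothing about
    // the content. Require a genuine upload and decide the format from the
    // file itself.
    $imageInfo = (is_string($tmpName) && is_uploaded_file($tmpName)) ? getimagesize($tmpName) : false;
    $allowed = array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP);
    if ($imageInfo === false || !in_array($imageInfo[2], $allowed, true)) {
        $reject('上传图片格式不对，请重新上传！');
    }

    $contents = file_get_contents($tmpName);
    if ($contents === false) {
        $reject('上传图片格式不对，请重新上传！');
    }

    $file = addslashes($contents);
    // MIME type derived from the detected image format, not from the request.
    $type = addslashes(image_type_to_mime_type($imageInfo[2]));
    $sql = "update user set photo = '{$file}', type = '{$type}' where username = '{$currentUser}'";
    if ($mysqli->query($sql) === false) {
        $reject('修改失败，请稍后重试！');
    }
}

// Store the personal details in one statement so the row is never left
// half-updated. The user name is escaped here; the original overwrote the
// escaped value with the raw POST value before building the query.
$usnSql = addslashes($username);
$sql = "update user set password = '{$psw}', telephone = '{$tph}', age = '{$age}', username = '{$usnSql}' where username = '{$currentUser}'";
if ($mysqli->query($sql) === false) {
    // Do not touch the session or report success when the write failed.
    $reject('修改失败，请稍后重试！');
}

// Session copies keep the formats the original used: raw user name,
// addslashes() form for the other values.
$_SESSION['usn'] = $username;
$_SESSION['psw'] = $psw;
$_SESSION['tph'] = $tph;
$_SESSION['age'] = $age;
echo "<script>alert('修改成功！返回信息页面');location.href='info.php';</script>";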